----- Original Message -----
> From: "Zhou Zheng Sheng" <zhshz...@linux.vnet.ibm.com>
> To: "Alon Bar-Lev" <alo...@redhat.com>
> Cc: email@example.com
> Sent: Sunday, January 6, 2013 11:25:39 AM
> Subject: Re: [vdsm] starting up vdsm and svdsm
> on 01/06/2013 17:07, Alon Bar-Lev wrote:
> > ----- Original Message -----
> >> From: "Zhou Zheng Sheng" <zhshz...@linux.vnet.ibm.com>
> >> To: firstname.lastname@example.org
> >> Sent: Sunday, January 6, 2013 11:03:59 AM
> >> Subject: Re: [vdsm] starting up vdsm and svdsm
> >> I think splitting VDSM and super VDSM into two services and
> >> delegate
> >> everything to systemd is simple and robust, just like libvirtd and
> >> VDSM.
> >> The auth key problem you mentioned also applies to connecting
> >> libvirtd,
> >> we can just follow the existing solution for it.
> > I don't understand this auth key thing.
> > Why is it required?
> > Shouldn't it be sufficient to allow only vdsm user to interact with
> > svdsm?
> > Thanks,
> > Alon.
> The auth key is not very useful. It is passed in the command
> of super VDSM server, very insecure.
> By writing follow the existing solution, I mean libvirtd refer to a
> DB for password and VDSM refer to /etc/pki/vdsm/keys/libvirt_password
> when connecting to libvirtd.
> I agree to allow only vdsm user to access the svdsm.sock and forget
> auth key thing because saving the auth key in a vdsm user readonly
> does not improve any security level. If the some one can access
> svdsm.sock, he can always access libvirt_password. libvirtd is mean
> be used by many clients so its unix socket file can not be restricted
> vdsm user only, it needs a password for each user in the SASL DB. The
> super VDSM server is only for VDSM itself, so restricting access
> svdsm.sock is enough, no auth key needed.
BTW: The auth key is not required even if you use multiple local users, as
usock can ask the identity of the other party.
 http://linux.die.net/man/7/unix SCM_CREDENTIALS
vdsm-devel mailing list